White Paper

Cisco Unified Access Technology Overview: Converged Access

Introduction

Today, less than 1 percent of things in the physical world are network connected. In the near future the growth of the Internet of Everything (IoE), which Cisco defines as the convergence of people, process, data, and things, will make networked connections more relevant and valuable than ever before, creating unprecedented opportunities for countries, businesses, and individuals. However, although the number of devices, applications, and bandwidth demands are growing, the size of IT staff and budgets remains static. IT organizations are struggling to manage the bring-your-own-device (BYOD) trend and the growth of mobile devices and traffic. They face two main challenges:

● Complexity of managing separate wired and wireless networks, multiple management systems, multiple network operating systems, and chaotic device onboarding processes.

● Inconsistency of wired and wireless architecture, policy, security, features, and operations. Compared with wired networks, wireless also lacks the same level of granular quality of service (QoS), policy, and security enforcement close to endpoint devices.

Cisco Unified Access is an intelligent network platform for IoE that enables greater business agility, operational efficiencies, and new connected experiences.

Cisco Unified Access Strategy

Based on “one policy, one management, one network,” the Cisco Unified Access solution delivers an integrated, simplified, and intelligent network platform that enables IT to spend less time running the network and more time collaborating and innovating with stakeholders to differentiate and transform the business.

Cisco One Policy provides a context-aware central policy platform across the entire network with systemwide visibility of who and what are on the network: wired, wireless, or VPN. Cisco One Policy simplifies the design and implementation of policy and security.
Cisco Identity Services Engine (ISE) enables this centralized policy platform for the enterprise.

Cisco One Management provides comprehensive lifecycle management, performance assurance, and compliance for converged wired and wireless networks. Cisco One Management simplifies network management operations. Cisco Prime™ Infrastructure provides a central platform for integrated lifecycle management and visibility of applications and services across wireless, wired, campus, and branch network infrastructure.

Cisco One Network is the convergence of wired and wireless networks into a unified infrastructure with simplicity, greater intelligence, operational consistency, scale, and open architecture. Cisco is also extending wired infrastructure concepts, features, resiliency, and scalability to the wireless infrastructure. Cisco One Network is composed of the following core products:

● The new Cisco Catalyst® 3850 Series Switch with integrated wired and wireless functionality through a built-in Cisco IOS® Software wireless LAN controller (WLC), the new Unified Access Data Plane (UADP) application-specific integrated circuit (ASIC), and enhanced hardware and operating system.

● The new Cisco IOS Software-based Cisco 5760 WLC as an appliance.

● The Cisco Catalyst 6500 Series Wireless Services Module 2 (WiSM2) or Cisco 5508 WLC with a software upgrade.

Cisco One Network uniquely delivers ultimate business agility through networkwide intelligence and analytics, scale, faster service rollout, and better change management. Cisco One Network also delivers greater business efficiency with simplicity, greater network consistency, better data analytics, and smarter network designs and operations.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10
Cisco One Network Architecture and Converged Access Mode

The foundation of Cisco One Network includes:

● Converged wired and wireless network: One physical infrastructure increases business agility, simplicity, and scale and delivers greater operational efficiencies. The Cisco Catalyst 3850 switch is the converged access switch with integrated wireless controller functionality and is the foundation of the unified wired and wireless network.

● Consistent networkwide intelligence and operations: One common set of network capabilities and context-aware intelligence for policy, visibility, analytics, and granular QoS across the entire wired-wireless infrastructure enables simplicity and a consistent user experience. It is based on one common ASIC design and one common operating system for wired and wireless to further enhance feature consistency.

● Integration into the Cisco Open Network Environment: The industry’s first common interfaces across wired and wireless provide a blueprint for delivering a programmable data plane with onePK for the enterprise campus to further enhance business agility.

One of the primary architectural components of Cisco One Network is Cisco Converged Access mode, which uses the Cisco Catalyst 3850 switch as a single platform to support integrated wired-wireless functionality, including both LAN switching and wireless capabilities powered by the new ASIC. Wireless access points can be terminated directly on the Cisco Catalyst 3850 switch, which means termination of the Control and Provisioning of Wireless Access Points (CAPWAP) data and management tunnels, to natively convert wireless data traffic (802.11) to wired traffic (802.3) or vice versa. This convergence is further enhanced by the new switch’s capability to support robust wireless throughput, up to 40 Gbps on the Cisco Catalyst 3850 switch and 60 Gbps on the 5760 wireless controller, thereby making the network capable of addressing the proliferation of mobile data.
Such wired-wireless convergence at the network edge also brings a level of visibility and policy consistency to the entire network that did not exist in the past. The benefits of converged access also include high-throughput performance, because the wireless data plane is terminated at the network edge, which meets the triple demands of high wireless density, bandwidth-hungry video applications, and highly capable smartphones. The Cisco Catalyst 3850 switch and the 5760 wireless controller perform at line rate regardless of the number of clients because wireless data tunnels are terminated in hardware. In addition, Cisco is able to bring more than 20 years of Cisco IOS Software technology excellence to the wireless network that was previously available only on the wired network.

The Cisco Catalyst 3850 switch is a converged access switch for wired and wireless networks. Main features of the Cisco Catalyst 3850 switch include the following:

● Best-in-class, fixed and stackable access switch with 480-Gbps stacking for gigabit desktop and 802.11ac wireless.

● Converged wired and wireless access with support for up to 40 Gbps wireless throughput, 50 access points, and 2000 wireless clients per switch or stack.

● Distributed intelligent services with Flexible NetFlow on all ports, hardware capability for TrustSec and MediaNet, and ease of operations using Cisco® Catalyst® Smart Operations.

● Foundation for the Cisco Open Network Environment, enabled by the new ASIC with programmability and investment protection.

The new Cisco Catalyst 3850 switch also provides enhanced radio resource management (RRM) capabilities, which include neighbor discovery; noise, interference, load, and coverage measurements; use of the neighbor list; and rogue detection and containment. Additional Cisco advanced radio frequency (RF) technologies include Cisco CleanAir®, ClientLink 2.0, and VideoStream.
CleanAir uses silicon-level intelligence to create a spectrum-aware and self-optimizing wireless network that mitigates RF interference. VideoStream provides superior and consistent performance of streaming video over wireless by enforcing video priority levels, controlling resource reservation, and delivering reliable multicast.

In addition to the ability to terminate wireless data tunnels on the Cisco Catalyst 3850 switch and to apply policies and Flexible NetFlow in hardware, the Cisco Catalyst 3850 switch with its built-in wireless controller functionality continues to provide line-rate throughput irrespective of the number of policies applied, the number of QoS or access-control list (ACL) entries, or the number of clients connected. (See Figure 1.)

Figure 1. Single Platform for Converged Wired and Wireless Networks

Additional Deployment Modes

In addition to converged access, Cisco also provides other deployment modes of the wireless infrastructure to support the flexibility required to best match the network with the business requirements.

● Autonomous: This is a deployment mode in which no wireless controllers are used. It is traditionally used in small customer deployments. Wireless access points provide RF management, and they work directly with ISE and Prime Infrastructure to meet policy and network management requirements.

● FlexConnect: This deployment mode supports wireless access points in a branch or remote office from the corporate office through a wide area network (WAN) link without requiring a controller in each branch office. Access points in this deployment mode can switch client data traffic locally and perform client authentication locally if desired. Traffic can also be sent back to the centrally located wireless controller on a dynamic basis according to the business requirements.
● Centralized: This deployment mode allows a centrally managed wireless infrastructure in which all wireless endpoint association and authentication tasks are handled by a WLC. It is traditionally deployed in medium to large-sized campus or branch environments. The access point configurations are also managed by the WLC. Access points download the entire configuration from the WLC and act as a wireless interface to the clients. All the management and data packets are tunneled to the WLCs, which then switch the packets between wireless clients and the wired portion of the network. (See Figure 2.)

Figure 2. Comparison of Various Wireless Deployment Modes

Table 1 lists feature comparisons among these deployment modes.

Table 1. Deployment Mode Feature Comparison

Functionality                                      Autonomous  FlexConnect  Centralized  Converged
Converged LAN and WLAN operating system            -           -            -            Yes
Traffic visibility at every network layer          -           -            -            Yes
Single point of policy enforcement for LAN/WLAN    -           -            -            Yes
Advanced functionality: high scalability           -           Yes          Yes          Yes
High resiliency: subsecond failover                -           Yes          Yes          Yes
One policy: ISE                                    Yes         Yes          Yes          Yes
One management: Prime Infrastructure               Yes         Yes          Yes          Yes
Best-in-class RF                                   Yes         Yes          Yes          Yes

Cisco Unified Access Technology Advantage

Cisco Unified Access enables new connected experiences with the following unique functionalities, which are shared across the entire Cisco wired and wireless infrastructure.

● Single platform for wired and wireless: Converged access uses one common set of context-aware intelligence and network capabilities across the entire wired-wireless infrastructure, based on one Cisco IOS Software operating system and one ASIC design for the Cisco Catalyst 3850 switch and the 5760 wireless controller, to deliver operational consistency and simplicity. The benefits of this single-platform approach are business efficiency and a consistent, high-quality user experience.
● Networkwide visibility: Wireless data traffic is now converted to wired traffic at the network edge, so all the tools and technologies for the wired network can be used for wireless as well. In addition, since wireless data traffic is no longer encapsulated in tunnels, IT administrators gain visibility everywhere on the network, at each hop along the data path. Cisco Unified Access helps customers identify, analyze, and optimize their wired and wireless application traffic with powerful application visibility and control (AVC) tools such as Cisco Flexible NetFlow and Wireshark. The benefits of such networkwide visibility are faster troubleshooting and problem resolution as well as more accurate capacity planning.

● Consistent security and QoS control: Now the same set of security and policy requirements can be applied to both wired and wireless networks, starting from the network edge, through the backbone, all the way to the data center. Cisco delivers sophisticated security capabilities throughout the entire network to help strengthen security and minimize breaches. The advanced QoS architecture discussed earlier allows granular controls based on items such as access point, radio, service set identifier (SSID), client, and application to support business priorities and to apply bandwidth fair-share policies for a better user experience.

● Maximum resiliency with fast stateful recovery: Cisco Unified Access maximizes network availability with stateful switchover and many other high-availability mechanisms that provide the most reliable network with the fastest WLAN and LAN recovery times (subsecond switchover for both wired and wireless). Such a highly reliable network provides a powerful platform to deliver business applications and services with minimum disruption.
● Scale with distributed wired and wireless data plane: The distributed wired and wireless data plane enables enterprises to scale to a 480-Gbps data plane per switching stack; up to 40 Gbps (Cisco Catalyst 3850 switches) and 60 Gbps (Cisco 5760 wireless controllers) of wireless throughput; and 72,000 access points and 864,000 wireless clients supported by Cisco 5760 wireless controllers or WiSM2 modules, delivering the largest Layer 3 mobility domains and highest scalability in the industry. Customers benefit from such a highly scalable solution as they plan for future growth with gigabit desktops and 802.11ac clients.

Understanding Mobility in Converged Access Mode

The new Cisco Converged Access mode provides an evolutionary path for the existing wireless infrastructure to reach a new level of innovation and scalability. A major converged access advantage is the separation of the data and control planes. This makes it possible to scale data throughput by supporting tens of gigabits of throughput at the switch instead of carrying the traffic back to the centralized controller. With converged access, data traffic generated by wireless endpoints can be controlled and optimized at the network edge (based on networking and security policies), instead of having to go through a central WLC first. The central policy platform with a distributed and pervasive enforcement infrastructure enables common policies and common services for wired and wireless traffic, such as NetFlow and advanced QoS, which are discussed in a later section of this white paper.

The following mobility components constitute the primary components of the converged access mode.

● Mobility agent: A mobility agent manages a wireless client database that includes client association and authentication status. Each Cisco Catalyst 3850 switch stack provides one mobility agent, which can manage up to 50 access points and up to 2000 wireless clients.
The mobility agent is also responsible for providing access point connectivity and CAPWAP termination.

● Mobility controller: A mobility controller provides mobility management tasks including interswitch peer group roaming, RRM, and guest access. One mobility controller is required for each mobility subdomain. A Cisco Catalyst 3850 switch can serve as a mobility controller for small to medium-sized deployments. For large deployments, a dedicated WLC such as the 5760 WLC, or a WiSM2/5508 WLC with a software update, is required.

Mobility roaming, in which a wireless client moves from one physical location to another without losing connectivity and services at any time, can be managed by a single mobility controller if roaming is limited to a small number of access points that are physically located together. Roaming among a large number of access points can be managed by multiple mobility controllers in a mobility group.

The Cisco Unified Access mobility architecture benefits include:

● Scalability: Converged access deployments allow a highly scalable design for small, medium, and large customer deployments. Furthermore, the entire network delivers high performance for any size of deployment, enabled by the new Cisco Catalyst 3850 switch, which provides high wireless bandwidth starting at the network edge, and by the separation of the wireless data plane from the control plane, which allows traffic optimization.

● Deterministic policy consistency: By default, all roams (whether across a Layer 3 boundary or not) carry the end user’s traffic from the roamed-to switch (where the user’s current wireless traffic terminates) back to the original switch through which the user initially associated. By doing so, the user’s policy enforcement point remains fixed at the initial switch, and roam times are more deterministic as the user continues to move around.
However, this default behavior can be modified using a setting that allows the policy enforcement point to be moved to the new switch where the roaming user is currently associated.

● Efficiency: Mobility agents can be fully meshed and autocreated within a group. Mobility controllers are also fully meshed within a mobility group. Roamed traffic within a group of access points moves directly between the mobility agents in that group. Roamed traffic between different groups of access points moves through the mobility controllers serving those groups.

Understanding Quality of Service in Converged Access Mode

Converged access enables a new level of consistent, granular, and multilevel QoS capabilities for the converged wired and wireless infrastructure. In a traditional network, wireless QoS policies are applied on a wireless LAN controller, while wired policies are applied on a switch port. There was no consistency between wired and wireless QoS policies. Mismatches in QoS definition, granularity, and behavior between wired and wireless caused many network performance problems, and it became very difficult to match QoS behavior across different access types. With the new converged access architecture, both wired and wireless QoS policing policies are implemented on the Cisco Catalyst 3850 switch and on the converged data traffic, thereby providing simplicity of management for the network administrator and a consistent experience for the end user. See Figure 3 for details.

Figure 3. Comparison of Existing QoS and New QoS Architectures

The new QoS architecture also provides enhanced wireless bandwidth management, which uses the Cisco approximate fair drop technology to ensure bandwidth fairness for non-real-time traffic. The primary benefits of granular, multilevel QoS intelligence for wireless are a better user experience and fair-share bandwidth management for wireless.
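The roaming rules given in the mobility section above (one mobility agent per stack with the 50-access-point and 2000-client limits, direct agent-to-agent forwarding inside a peer group, forwarding through the mobility controller between groups, and the policy enforcement point staying on the switch of initial association unless a setting moves it) are easier to reason about as a small model. The following Python block is an added illustration written for this page, not Cisco code and not a description of how the Catalyst 3850 implements mobility; the "peer group" labels, the `move_policy_point` flag, the switch and AP names, and the controller object are hypothetical constructs, while the numeric limits come from the paper.

```python
"""Toy model of converged access mobility roaming (illustrative, not Cisco code).

Assumptions: peer-group names, switch/AP names and the move_policy_point flag
are hypothetical labels for the behaviour the paper describes; the per-stack
limits (50 access points, 2000 clients) are the figures the paper states.
"""
from dataclasses import dataclass, field

MAX_APS_PER_AGENT = 50        # per Catalyst 3850 stack, from the paper
MAX_CLIENTS_PER_AGENT = 2000  # per Catalyst 3850 stack, from the paper


class CapacityError(Exception):
    """Raised when a mobility agent would exceed its per-stack limits."""


@dataclass
class MobilityAgent:
    """One switch stack: terminates CAPWAP and keeps the client database."""
    name: str
    peer_group: str                                  # hypothetical group label
    aps: set = field(default_factory=set)
    clients: dict = field(default_factory=dict)      # client -> associated AP

    def add_ap(self, ap: str) -> None:
        if len(self.aps) >= MAX_APS_PER_AGENT:
            raise CapacityError(f"{self.name}: AP limit {MAX_APS_PER_AGENT} reached")
        self.aps.add(ap)

    def associate(self, client: str, ap: str) -> None:
        if ap not in self.aps:
            raise ValueError(f"{ap} is not terminated on {self.name}")
        if client not in self.clients and len(self.clients) >= MAX_CLIENTS_PER_AGENT:
            raise CapacityError(f"{self.name}: client limit {MAX_CLIENTS_PER_AGENT} reached")
        self.clients[client] = ap


@dataclass
class MobilityController:
    """Mobility management for one subdomain; relays roams between peer groups."""
    name: str
    agents: dict = field(default_factory=dict)       # agent name -> MobilityAgent
    anchors: dict = field(default_factory=dict)      # client -> policy enforcement point

    def register(self, agent: MobilityAgent) -> None:
        self.agents[agent.name] = agent

    def agent_for_ap(self, ap: str) -> MobilityAgent:
        for agent in self.agents.values():
            if ap in agent.aps:
                return agent
        raise ValueError(f"no mobility agent terminates {ap}")

    def join(self, client: str, ap: str) -> str:
        """Initial association: the first switch becomes the policy enforcement point."""
        agent = self.agent_for_ap(ap)
        agent.associate(client, ap)
        self.anchors[client] = agent.name
        return agent.name

    def roam(self, client: str, new_ap: str, move_policy_point: bool = False) -> dict:
        """Move a client to new_ap and report how its traffic is carried afterwards."""
        if client not in self.anchors:
            raise ValueError(f"{client} never associated")
        old_agent = next(a for a in self.agents.values() if client in a.clients)
        new_agent = self.agent_for_ap(new_ap)
        if new_agent is not old_agent:
            del old_agent.clients[client]
        new_agent.associate(client, new_ap)
        # Same stack: nothing leaves the switch. Same peer group: direct agent-to-agent.
        # Different peer group: the mobility controller carries the roam.
        if new_agent is old_agent:
            path = "local"
        elif new_agent.peer_group == old_agent.peer_group:
            path = "direct"
        else:
            path = "via-controller"
        if move_policy_point:                        # the non-default setting
            self.anchors[client] = new_agent.name
        return {
            "agent": new_agent.name,
            "policy_point": self.anchors[client],
            "path": path,
            # default behaviour: traffic goes back to the anchor switch after a roam
            "tunneled_back": self.anchors[client] != new_agent.name,
        }


def build_demo_domain() -> MobilityController:
    """Constructed sample: three stacks in two peer groups under one controller."""
    mc = MobilityController("MC-1")
    for name, group in [("SW-A1", "group-A"), ("SW-A2", "group-A"), ("SW-B1", "group-B")]:
        agent = MobilityAgent(name, group)
        for i in range(2):
            agent.add_ap(f"{name}-AP{i}")
        mc.register(agent)
    return mc


if __name__ == "__main__":
    mc = build_demo_domain()
    mc.join("phone-1", "SW-A1-AP0")
    for ap, move in [("SW-A2-AP1", False), ("SW-B1-AP0", False), ("SW-B1-AP1", True)]:
        print(ap, mc.roam("phone-1", ap, move_policy_point=move))
```

Running the block walks one client from SW-A1 to SW-A2 (same peer group, so the roam is carried directly while traffic is still tunneled back to SW-A1), then to SW-B1 (different group, so the controller carries it), and finally re-anchors the policy enforcement point on SW-B1 with the non-default setting. The capacity checks raise `CapacityError` on the 51st access point or the 2001st client on a stack.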
Previously, wireless networks lacked QoS visibility and enforcement at the edge and were vulnerable to unfair bandwidth allocation because no QoS could be applied inside the wireless tunnels. Now the Cisco Catalyst 3850 switch terminates the wireless tunnels, so QoS can be applied much closer to the user. It also enables IT to apply QoS and bandwidth fair-share policies based on granular information such as access point, radio, SSID, and application throughout the entire wired and wireless network.

Migration to Converged Access

Customers considering purchase of the new Cisco Catalyst 3850 switches can easily migrate to the converged access deployment mode with investment protection. This mode supports the existing 802.11n access point models as well as 5508/WiSM2 controllers as mobility controllers. Therefore, it allows customers using any of the other deployment modes (autonomous or standalone, FlexConnect, or centralized) to easily migrate to the converged access mode and take advantage of the additional benefits.

Use Cases

Cisco Unified Access provides a highly scalable and resilient solution that can be deployed for networks of any size and scope. The following are three typical deployment use cases.

Small Branch Environment

This is normally a small site such as a satellite office or a chain store. There is typically no onsite IT support. Network reliability is critical because most network services and resources are located at the central headquarters. Any simplification and efficiency improvements at a single branch office can translate into significant savings for companies when multiplied across their large number of sites.

Converged access for a small branch site can be implemented with a single stack of Cisco Catalyst 3850 switches to support local LAN and wireless needs. The Cisco Catalyst 3850 switch stack serves as both wireless mobility agent and mobility controller to support up to 50 access points and 2000 wireless clients. No dedicated WLC is needed.
● Features: Advanced QoS, NetFlow, other services for wireless and wired traffic, Layer 3 visibility, and WAN efficiency.

● Benefits: Management simplicity; good availability due to mobility agent/mobility controller redundancy within the Cisco Catalyst 3850 switch stack; optimized multicast; mobile device onboarding; BYOD; and wireless continuity through either a WAN outage or a switch failure within the stack. These benefits are also shared with the environments described next.

Financial services or retail industries with small branch environments are examples of customers that might consider this deployment model. (See Figure 4.)

Figure 4. Illustration of Small Branch Deployment Use Case

Large Branch or Small/Medium Campus Environment

This can be a medium to large remote site such as an entire building or a remote campus. Network reliability is critical, and scalability also becomes important because there are more end users and devices in this type of environment. High-quality user experience and productivity gains are top priorities.

Converged access can be implemented with multiple stacks of Cisco Catalyst 3850 switches to support wired and wireless networking needs. Each Cisco Catalyst 3850 switch stack serves as a wireless mobility agent and mobility controller. This model supports up to 250 access points and 16,000 wireless clients without requiring a dedicated WLC.

● Features: Advanced QoS, NetFlow, other services for wireless and wired traffic, Layer 3 roaming, VideoStream and optimized multicast, mobile device onboarding, BYOD, and network intelligence.

● Benefits: High-quality user experience; excellent availability because of mobility agent/mobility controller redundancy within the Cisco Catalyst 3850 switch stacks; and wireless continuity to mitigate the risk of either a WAN outage or a switch failure within the stack. (See Figure 5.)
Figure 5. Illustration of Large Branch Deployment Use Case

Main Campus Environment

This is typically a large environment with multiple buildings in one campus location. Scalability and the ability to deploy timely services based on business needs become top priorities.

Converged access for a main campus environment can be implemented with multiple stacks of Cisco Catalyst 3850 switches to support wired and wireless networking needs, with separate 5760/5508/WiSM2 controllers as dedicated WLCs. Each Cisco Catalyst 3850 stack serves as a wireless mobility agent with multiple groups of access points. Note that converged access can coexist with other wireless deployment modes such as centralized, where existing wired and wireless infrastructure components continue to use CAPWAP tunnels for wireless data traffic. With dedicated WLCs (5760/WiSM2/5508) as mobility controllers, Cisco Unified Access supports the largest Layer 3 roaming domains, with up to 72,000 access points and up to 864,000 wireless endpoints.

● Features: Scalable design; high performance; extensive mobility and roaming support; advanced QoS; NetFlow and other services for wireless and wired traffic; BYOD; and network intelligence.

● Benefits: Highest scalability for large deployments (more than 250 access points), business agility with fast service rollouts, simplified mobility deployment, and support for very large Layer 3 roaming domains.

Universities or enterprise campus environments are examples of customers that might consider this deployment model. (See Figure 6.)

Figure 6. Illustration of Main Campus Deployment Use Case

Summary

Cisco Unified Access with “one policy, one management, one network” provides customers with a business platform for the Internet of Everything.
Cisco One Network redefines the concept “the network is the platform,” making it more agile, consistent, efficient, and simple. Cisco Unified Access transforms wired and wireless networks into one converged and unified infrastructure with simplicity, greater intelligence, operational consistency, scale, and open interfaces that enable greater business agility and efficiency.

For more information about Cisco Unified Access, visit http://cisco.com/go/unifiedaccess.

Printed in USA C11-726107-00 01/13